<?php
/**
 *账号管理
 *
 */

require_once ROOT_PATH . '/lib/confs/Conf.php';
require_once ROOT_PATH . '/lib/confs/sysConf.php';
require_once ROOT_PATH . '/lib/dao/DMLFunctions.php';
require_once ROOT_PATH . '/lib/dao/SQLQBuilder.php';

require_once ROOT_PATH . '/lib/models/time/Timesheet.php';
require_once ROOT_PATH . '/lib/models/time/TimeEvent.php';
require_once ROOT_PATH . '/lib/models/time/ProjectReport.php';
require_once ROOT_PATH . '/lib/common/TemplateMerger.php';

class UserController extends Base  {
	const POWER_TEMP='/templates/user/';
	private $db;
	private $ctrl='user';
	private $tableName='hs_hr_users';
	public function __construct() {
		$this->db = new DMLFunctions ();
		error_reporting(0);
		$this->ctrl=$_REQUEST['ctrl'];
	}
	public function run($fun) {

	}
	public function delete() { 
		$sql="delete from hs_hr_users ";
		$user_ids=$_POST['userids'];
		if (empty($user_ids) || array_search($_SESSION['fname'],$user_ids)) {
			$this->redirect("对不起，请选择用户再进行操作","?ctrl=".$this->ctrl);		
		}
		$deleteUseStr='';
		foreach ($user_ids as $ku=>$vu) {
			$user_ids[$ku]=$vu;
		}
		$deleteUseStr=implode("','",$user_ids);
		if ($deleteUseStr) {
			$sql.=" where user_name in ('{$deleteUseStr}')";
			$query=$this->db->executeQuery($sql);
			$this->redirect("删除成功","?ctrl=".$this->ctrl);				
		}
	}
	public function getUserList() { 
		$search=strval($_REQUEST['keyWord']);
		$search=addslashes($search);
		$whereSql=" where 1=1 ";
		$sql="select * from hs_hr_users ";
		if ($search) {
			$whereSql.=" and  user_name like '%{$search}%'";
		}
		$sql.=$whereSql;
		$query=$this->db->executeQuery($sql);
		$result=$this->db->dbObject->getArrayList($query);
		$records['list']=$result;
		$records['keyWord']=$_REQUEST['keyWord'];
		$records['myUser']=$_SESSION['fname'];
		$this->outPut(__FUNCTION__,$records);
	}
	public function saveUserPower() {
		$userIds=$_REQUEST['userids'];
		$myUserId=$_SESSION['user'];
		$role_groupId=intval($_REQUEST['rg_id']);
		if (empty($userIds) || !is_array($userIds) || array_search($userIds,$myUserId)!==false) {
			$this->redirect("对不起，请选择用户再进行操作","?ctrl=".$this->ctrl."&action=giveUserPower");
		}
		$sql="select * from hs_hr_role_right where id ={$role_groupId}";

		$query=$this->db->executeQuery($sql);
		$result=$this->db->dbObject->getOne($query);

		if (empty($result)) {
			$this->redirect("对不起，权限组不存在","?ctrl=".$this->ctrl."&action=giveUserPower");
		}
		$userIdStrs=implode("','",$userIds);
		$userIdStrs="'".$userIdStrs."'";
		$updateSql="update hs_hr_users set role_right_id={$role_groupId} where id in ({$userIdStrs})";

		$query=$this->db->executeQuery($updateSql);
		if ($query) {
			$this->redirect("恭喜你，编辑成功","?ctrl=".$this->ctrl."&action=giveUserPower",false);
		} else {
			$this->redirect("对不起，编辑失败","?ctrl=".$this->ctrl."&action=giveUserPower");
		}

	}
	public function showPower() {
		$sql="select * from hs_hr_role_right ";
		$query=$this->db->executeQuery($sql);
		$result=$this->db->dbObject->getArrayList($query);
		$records = array ();
		$records ['configs'] = MenuDisplay::getInstance()->getConfigs();
		$records['list']=$result;
		$this->outPut(__FUNCTION__,$records);
	}
	/**
	 * 添加角色权限
	 *
	 */
	public  function addShow() {


		$sql="select emp_number,employee_id,emp_firstname,emp_nick_name from `hs_hr_employee` ";
		$query=$this->db->executeQuery($sql);
		$result=$this->db->dbObject->getArrayList($query);
	    $records = array ();
// 		$records ['configs'] = MenuDisplay::getInstance()->getConfigs();
		$records['empList']=$result;
		$this->outPut(__FUNCTION__,$records);

	}
	public  function addSave() {

		$roleName=strval($_POST['user_name']);
		$roleName=addslashes($roleName);
		$roleName=trim($roleName);
		$first_name=strval($_POST['first_name']);
		$first_name=addslashes($first_name);
		$first_name=trim($first_name);
		$user_password=strval($_POST['user_password']);
		$user_password=addslashes($user_password);
		$user_password=trim($user_password); 
		$user_password2=addslashes(trim($_POST['user_password2']));
		$emp_number=intval($_REQUEST['emp_number']);
		if (empty($roleName) || $emp_number<1 || empty($user_password) || empty($first_name)) {
			$this->redirect("对不起，账号与员工id不能为空","?ctrl=".$this->ctrl."&action=addShow");
		}
		$sql="select emp_number from `hs_hr_employee` where emp_number={$emp_number} ";
		$query=$this->db->executeQuery($sql);
		$result=$this->db->dbObject->getOne($query);
		if (!$result) {
			$this->redirect("对不起，关联的员工不存在！","?ctrl=".$this->ctrl."&action=addShow");
		}
		if ($user_password2!=$user_password) {
			$this->redirect("对不起，两次输入的密码不一样！","?ctrl=".$this->ctrl."&action=addShow");			
		}
		$sql="select * from {$this->tableName} where user_name ='{$roleName}'";
		$query=$this->db->executeQuery($sql);
		$result=$this->db->dbObject->getOne($query);
		if ($result) {
			$this->redirect("对不起，账号已存中","?ctrl=".$this->ctrl."&action=addShow");
		}

		$sql="select * from {$this->tableName} where emp_number ='{$emp_number}'";
		$query=$this->db->executeQuery($sql);
		$result=$this->db->dbObject->getOne($query);
		if ($result) {
			$this->redirect("对不起，已关联员工","?ctrl=".$this->ctrl."&action=addShow");
		}

		$time=time();
		$user_id = 'USR00'.$emp_number;
		$right=serialize($_POST['power']);
		$user_passwordTmp=md5($user_password);
		$sql="INSERT INTO `hs_hr_users` (`id`,`user_name`, `user_password`, `first_name`, `emp_number`, `status`, `is_admin`) VALUES ('{$user_id}','{$roleName}', '{$user_passwordTmp}','{$first_name}','{$emp_number}','Enabled','No');";
		//echo $sql;exit;
		$this->db->executeQuery($sql);
//		$this->redirect ( "你没有权限", "?ctrl=power" );
		$this->redirect("添加成功","?ctrl=".$this->ctrl."&action=addShow");

	}
	/**
	 * 编辑单一个账号
	 *
	 */
	public function editOneShow() {
		$id=addslashes($_REQUEST['username']);
//		$id=6;
		$sql="select * from hs_hr_users where user_name ='{$id}'";
		$query=$this->db->executeQuery($sql);
		$result2=$this->db->dbObject->getOne($query); 
		$sql="select emp_number,employee_id,emp_firstname,emp_nick_name from `hs_hr_employee` ";
		$query=$this->db->executeQuery($sql);
		$result=$this->db->dbObject->getArrayList($query);
	    $records = array ();
// 		$records ['configs'] = MenuDisplay::getInstance()->getConfigs();
		$records['empList']=$result;		
		$records['info']=$result2; 
		$this->outPut(__FUNCTION__,$records);
	}
	/**
	 * 保存单个
	 *
	 */
	public function saveOneShow() {
		$id=addslashes($_REQUEST['username']);
//		$id=6;
		$sql="select * from hs_hr_users where user_name ='{$id}'";
		$query=$this->db->executeQuery($sql);
		$result=$this->db->dbObject->getOne($query); 
		if (empty($result)) {
			$this->redirect("账号不存在","?ctrl=".$this->ctrl."&action=editOneShow&username={$id}");			
		} 
		$user_name=addslashes(strval(trim($_POST['user_name'])));
		$first_name=strval($_POST['first_name']);
		$first_name=addslashes($first_name);
		$first_name=trim($first_name);
		$user_password=strval($_POST['user_password']);
		$user_password=addslashes($user_password);
		$user_password=trim($user_password);
		$user_password2=addslashes(trim($_POST['user_password2']));		
		$emp_number=intval($_REQUEST['emp_number']);
		//if ( $emp_number<1 || empty($user_password)) {
		if ( $emp_number<1 || empty($user_name)) {
			$this->redirect("对不起，账号与员工id不能为空","?ctrl=".$this->ctrl."&action=editOneShow&username={$id}");
		}

		if (empty($first_name) && empty($first_name)) {
			$this->redirect("对不起，名字不能为空","?ctrl=".$this->ctrl."&action=editOneShow&username={$id}");						
		}
		$sql="select emp_number from `hs_hr_employee` where emp_number={$emp_number} ";
		$query=$this->db->executeQuery($sql);
		$result=$this->db->dbObject->getOne($query);
		if (!$result) {
			$this->redirect("对不起，关联的员工不存在！","?ctrl=".$this->ctrl."&action=editOneShow&username={$id}");
		}
		if ($user_password2!=$user_password) {
			$this->redirect("对不起，两次输入的密码不一样！","?ctrl=".$this->ctrl."&action=editOneShow&username={$id}");			
		}
		$pwsd_sql='';
		if (!empty($user_password)) {
			$user_passwordTmp=md5($user_password);
			$pwsd_sql = ",user_password='{$user_passwordTmp}'";
		}
		
		$sql="update hs_hr_users set user_name='{$user_name}',first_name='{$first_name}',emp_number='{$emp_number}'".$pwsd_sql." where user_name ='{$id}'";
	 
		$query=$this->db->executeQuery($sql);		
		$this->redirect("编辑成功","?ctrl=".$this->ctrl);								
		
	}	
	public function editShow() {
		$id=intval($_REQUEST['id']);
//		$id=6;
		$sql="select * from hs_hr_role_right where id ={$id}";
		$query=$this->db->executeQuery($sql);
		$result=$this->db->dbObject->getOne($query);
		$records ['configs'] = MenuDisplay::getInstance()->getConfigs();
		$records['info']=$result;
		$records['info']['RightDetail']=json_encode(unserialize($records['info']['RightDetail']));
//		print_r($result);
		$this->outPut(__FUNCTION__,$records);
	}	
	public function editSave() {
		$roleName=strval($_POST['roleName']);
		$time=time();
		$id=intval($_REQUEST['id']);
		$right=serialize($_POST['power']);
		$sql="update hs_hr_role_right set Name='$roleName',RightDetail='$right' where id ={$id}";
		$query=$this->db->executeQuery($sql);
	}


	private function outPut($fileName,$records) {
		$path = self::POWER_TEMP.$fileName.".php";
		$template = new TemplateMerger ( $records, $path );
		$template->display (); 		//
	}
}
?>